Bugs item #505448, was opened at 2002-01-18 09:13
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=505448&group_id=3357
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: IDMEF XML not well formed large packets
Initial Comment:
I'm running 1.8.3 on Linux and OpenBSD, and I've
noticed that if I see a "Large ICMP packet", in this
case 7591 bytes, the <data> tag fails to close, along
with all other open tags except <event>.
So, what I see is the end of the packet data, in hex,
followed by the </event>
So far, this is perfectly reproducable by just doing
and "nmap -sT addr" against the test Snort.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=505448&group_id=3357